2 * Copyright (C) 2001, 2002 The Mir-coders group
4 * This file is part of Mir.
6 * Mir is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Mir is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Mir; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * In addition, as a special exception, The Mir-coders gives permission to link
21 * the code of this program with any library licensed under the Apache Software License,
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
23 * (or with modified versions of the above that use the same license as the above),
24 * and distribute linked combinations including the two. You must obey the
25 * GNU General Public License in all respects for all of the code used other than
26 * the above mentioned libraries. If you modify this file, you may extend this
27 * exception to your version of the file, but you are not obligated to do so.
28 * If you do not wish to do so, delete this exception statement from your version.
31 package mircoders.servlet;
33 import mir.entity.adapter.EntityAdapterModel;
34 import mir.entity.adapter.EntityIteratorAdapter;
35 import mir.log.LoggerWrapper;
36 import mir.servlet.ServletModule;
37 import mir.servlet.ServletModuleExc;
38 import mir.servlet.ServletModuleFailure;
39 import mir.servlet.ServletModuleUserExc;
40 import mir.util.CachingRewindableIterator;
41 import mir.util.HTTPRequestParser;
42 import mir.util.URLBuilder;
43 import mircoders.entity.EntityUsers;
44 import mircoders.global.MirGlobal;
45 import mircoders.module.ModuleUsers;
46 import mircoders.storage.DatabaseUsers;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
56 public class ServletModuleUsers extends ServletModule
58 private static ServletModuleUsers instance = new ServletModuleUsers();
59 public static ServletModule getInstance() { return instance; }
60 protected ModuleUsers usersModule;
62 private ServletModuleUsers() {
64 logger = new LoggerWrapper("ServletModule.Users");
68 usersModule = new ModuleUsers();
69 mainModule = usersModule;
72 logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());
76 public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
78 String idParam = aRequest.getParameter("id");
81 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
84 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
85 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
87 showUser(idParam, false, aRequest, aResponse);
90 throw new ServletModuleFailure(e);
94 public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
95 throws ServletModuleExc
98 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
100 showUser(null, false, aRequest, aResponse);
102 catch (Throwable e) {
103 throw new ServletModuleFailure(e);
107 public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
109 if ( (aRequestParser.getParameter("newpassword") != null &&
110 aRequestParser.getParameter("newpassword").length() > 0) ||
111 (aRequestParser.getParameter("newpassword2") != null &&
112 aRequestParser.getParameter("newpassword2").length() > 0)
114 String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
115 String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
116 String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
119 if (!usersModule.checkUserPassword(aUser, oldPassword)) {
120 throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
123 catch (Throwable t) {
124 throw new ServletModuleFailure(t);
128 if (newPassword.length() == 0 || newPassword2.length() == 0) {
129 throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
132 if (!newPassword.equals(newPassword2)) {
133 throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});
142 public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
143 throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
146 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
148 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
149 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
151 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
152 if (newPassword!=null)
153 withValues.put("password", newPassword);
155 throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
157 String id = mainModule.add(withValues);
159 logAdminUsage(aRequest, id, "object added");
161 if (requestParser.hasParameter("returnurl"))
162 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
164 list(aRequest, aResponse);
166 catch (Throwable e) {
167 throw new ServletModuleFailure(e);
171 public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
174 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
175 String id = requestParser.getParameter("id");
176 EntityUsers user = (EntityUsers) mainModule.getById(id);
177 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
179 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
180 if (!withValues.containsKey("is_admin"))
181 withValues.put("is_admin","0");
182 if (!withValues.containsKey("is_disabled"))
183 withValues.put("is_disabled","0");
185 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
186 if (newPassword!=null)
187 withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
189 mainModule.set(withValues);
191 logAdminUsage(aRequest, id, "object modified");
193 if (requestParser.hasParameter("returnurl"))
194 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
196 list(aRequest, aResponse);
198 catch (Throwable e) {
199 throw new ServletModuleFailure(e);
203 public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
206 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
207 String id = requestParser.getParameter("id");
208 EntityUsers user = (EntityUsers) mainModule.getById(id);
209 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
211 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
212 if (newPassword!=null) {
213 user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
216 logAdminUsage(aRequest, id, "password changed");
218 // hackish: to make sure the cached logged in user is up-to-date:
219 ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
222 if (requestParser.hasParameter("returnurl"))
223 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
225 ServletHelper.redirect(aResponse, "");
227 catch (Throwable e) {
228 throw new ServletModuleFailure(e);
232 public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
234 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
236 int offset = requestParser.getIntegerWithDefault("offset", 0);
238 returnUserList(aRequest, aResponse, offset);
241 public void returnUserList(
242 HttpServletRequest aRequest,
243 HttpServletResponse aResponse,
244 int anOffset) throws ServletModuleExc {
246 URLBuilder urlBuilder = new URLBuilder();
250 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
251 model = MirGlobal.localizer().dataModel().adapterModel();
254 new CachingRewindableIterator(
255 new EntityIteratorAdapter( "", "login", nrEntitiesPerListPage,
256 MirGlobal.localizer().dataModel().adapterModel(), "user", nrEntitiesPerListPage, anOffset)
259 responseData.put("nexturl", null);
260 responseData.put("prevurl", null);
262 count=mainModule.getSize("");
264 urlBuilder.setValue("module", "Users");
265 urlBuilder.setValue("do", "list");
267 urlBuilder.setValue("offset", anOffset);
268 responseData.put("offset" , new Integer(anOffset).toString());
269 responseData.put("thisurl" , urlBuilder.getQuery());
271 if (count>=anOffset+nrEntitiesPerListPage) {
272 urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));
273 responseData.put("nexturl" , urlBuilder.getQuery());
277 urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
278 responseData.put("prevurl" , urlBuilder.getQuery());
281 responseData.put("users", userList);
282 responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
283 responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
284 responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
286 responseData.put("from" , Integer.toString(anOffset+1));
287 responseData.put("count", Integer.toString(count));
288 responseData.put("to", Integer.toString(Math.min(anOffset+nrEntitiesPerListPage, count)));
289 responseData.put("offset" , Integer.toString(anOffset));
291 ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
293 catch (Throwable e) {
294 throw new ServletModuleFailure(e);
298 public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
299 throws ServletModuleExc {
301 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
302 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
303 EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
305 URLBuilder urlBuilder = new URLBuilder();
307 urlBuilder.setValue("module", "Users");
309 urlBuilder.setValue("do", "changepassword");
311 urlBuilder.setValue("do", "edit");
312 urlBuilder.setValue("id", anId);
313 urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
316 responseData.put("new", Boolean.FALSE);
317 user = model.makeEntityAdapter("user", mainModule.getById(anId));
320 List fields = DatabaseUsers.getInstance().getFieldNames();
321 responseData.put("new", Boolean.TRUE);
322 user = new HashMap();
323 Iterator i = fields.iterator();
324 while (i.hasNext()) {
325 user.put(i.next(), null);
328 MirGlobal.localizer().adminInterface().initializeArticle(user);
330 responseData.put("user", user);
331 responseData.put("passwordonly", new Boolean(anOnlyPassword));
333 responseData.put("returnurl", requestParser.getParameter("returnurl"));
334 responseData.put("thisurl", urlBuilder.getQuery());
336 ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
338 catch (Throwable e) {
339 throw new ServletModuleFailure(e);
343 public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
345 EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));
347 MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);
349 super.delete(aRequest, aResponse);
351 catch (Throwable t) {
352 throw new ServletModuleFailure(t);
356 public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
358 String idParam = aRequest.getParameter("id");
361 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
364 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
365 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
367 showUser(idParam, true, aRequest, aResponse);
369 catch (Throwable e) {
370 throw new ServletModuleFailure(e);